TRENDING

Getting smart IDs to first responders

Industry group reaches out to put affordable smart ID technology into first responders' hands

By William Jackson

Sep 14, 2007

The Tiers of Trust

The Tiers of Trust First Responder Access Credential system offers agencies an affordable identification card that complies with federal Federal Information Processing Standard 201 standards but does not offer all the features found on federal Personal Identification Verification cards. Initial offerings in the package include:

The Emergency Management One contactless smart-card stock and card readers from HID Global.

Write-IMPACT v3.0 software for writing to the smart-card chip in FIPS 201 format, offered as a free download to participants from Secure Network Systems.

A U.S. Customs and Border Protection officer checks a driver entering the country.

U.S. Customs and Border Protection

A group of smart-card technology companies have formed a consortium to put affordable smart identification cards into the hands of first responders at the state and local levels.

The companies will provide hardware, software and services free or at steep discounts to cut the cost of deploying interoperable cards by as much as 75 percent.

The consortium, Tiers of Trust, was announced Sept. 11, the sixth anniversary of the terrorist attacks in New York and the Pentagon that graphically demonstrated the need for, and the lack of, reliable interoperable IDs that could be used to verify identity and track the presence of emergency response personnel. The same need and shortfalls were demonstrated again in the 2005 response to Hurricane Katrina.

'One of the problems we're running into is that people who are authorized and should have been there are unable to get in,' said Howard Schmidt, former cybersecurity adviser to the White House, who is leading the Tiers of Trust program. At the same time, many rescue workers who do gain access to sites cannot be tracked or deployed to take best advantage of their skills.

The problem has been addressed to an extent by Homeland Security Presidential Directive 12, which mandates smart Personal Identity Verification cards for federal workers and contractors. Federal Information Processing Standard 201 sets out the technical requirements for the PIV cards. Other presidential directives have established the National Incident Management System, which sets credentialing requirements for state and local first responders to qualify for federal preparedness grants.

' Howard Schmidt, former cybersecurity adviser to the White House'The federal government has done a pretty good job of putting a scheme together' for interoperable ID cards, Schmidt said. But the cost of fully implementing such a program nationwide could run as high as $300 million and is beyond small state and local agencies. The consortium 'provides an opportunity to close the gap in ID-ing those who need to be there or who are already in,' Schmidt said.

The Tiers of Trust First Responder Access Credential system offers agencies an affordable migration path to full FIPS-201 compliance by providing them with a 'FIPS-201 lite' card that complies with the federal standard but does not offer the full set of features found on federal PIV cards. The FRAC package is all commercial technology and 31 of the component products have been FIPS-201 certified. The difference in what is being offered through Tiers of Trust is in some of the functionality and pricing. Cost has kept FIPS-201 technology from being more widely deployed.

The cost of issuing a fully FIPS-201 compliant PIV card can run from $68 to more than $120. A card could be issued through a FRAC system for as little as $10. The big differences are that software is being made available for free, and the Emergency Management One smart card, available only to first responders, contains only the cheaper contactless chip rather than the dual-contact and contactless interface of the PIV card. 'The contact chip is more expensive,' said Melani Hernoud, chief executive officer at Secured Network Systems. The issuing process also is streamlined and the card does not contain the full range of public-key infrastructure and cryptographic functionality. Standard components, such as readers, also are being offered at discounts.

The contactless cards will be available with either the 125 KHz proximity chip, which has no storage, or the 13.56 MHz DESfire contactless chip with 4K or 8K storage capacity. Data on the DESfire chips can be encrypted with the Triple DES algorithm. The cardstock is ruggedized to withstand the harsh environments of an emergency response scene and decontamination processes.

Agencies with an access card system would be able to issue cards to their own employees for use at an emergency scene. Because the cards work with most readers now in place to control building access, they also could be used as the agency's primary ID or access card. Information on the cards would include, at a minimum, mandatory FIPS-201 fields for the Federal Agency Smart Card Number, the Card Holder Unique Identifier and an expiration date. There also is room for professional qualifications and certifications, such as emergency medical technician, so that workers could be effectively deployed in the field.

At an emergency scene, readers could be used at the command post set up by the agency with jurisdiction on the site to control access. They also could be deployed to control access to and track the presence of workers in controlled areas, such as zones with greater activity and risk.

The readers could be used with cards already issued by the agency in charge, and because they are interoperable, they also would work with cards issued by other responding agencies. Cards also could be issued on-site to responders from agencies without the system.

Hernoud said the system was used in a pilot program in Colorado in the wake of Hurricane Katrina to provide ID cards to displaced New Orleans residents. The Colorado Bureau of Investigation did basic background checks using fingerprints, and the cards were being issued in 55 seconds. People without any other form of identification were able to use the new cards to drive, open bank accounts and even to ride on local buses for a year.

The program is open to first-responder organizations such as law enforcement, fire, hazmat, rescue and public health agencies in the United States and its territories, in addition to private-sector utilities, communications and transportation companies that operate critical infrastructure. Organizations should register for the program at www.TiersofTrust.com by Dec. 31. Priority will be given to the first 500 organizations to register.